Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
To Run this Web application security scanner
Step1: To get all the parameters of type skipfish -h
root@kali:~# skipfish -h
Step2: To scan the target and to write the output in the directory.
root@kali:~# skipfish -d -o 202 http://192.168.169.130/
It will go on scanning through every request, external/Internal links and statistics.
Once the scan completed it will create a professional web application security assessments.
Output consist of various sections such as document type and Issue type overview.
For scanning Wildcard domains
root@kali:~# skipfish -D .192.168.169.130 -o output-dir1 http://192.168.169.130/You need to customize your HTTP requests when scanning big sites.
-H To insert any additional, non-standard headers. -F To define a custom mapping between a host and an IP. -d Limits crawl depth to a specified number of subdirectories. -c Limits the number of children per directory. -x Limits the total number of descendants per crawl tree branch. -r Limits the total number of requests to send in a scan.
skipfish also provides the summary overviews of document types and issue types found, and an interactive sitemap, with nodes discovered through brute-force, denoted in a distinctive way.
Need to specify -e to avoid binary responses for reporting.
Comments